Date: Tue, 9 Oct 2007 13:41:29 -0700
From: "Gregory Rubin" <grrubin@...il.com>
To: "KJK::Hyperion" <hackbunny@...tpj.org>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://support.microsoft.com/kb/224816 <= Use ShellExecute to launch
the default Web browser

I agree that we need sanity checking on the applications accepting the
input, but the fact remains that ShellExecute is doing dangerous things
based on bad input. Both application developers and Microsoft should
work on fixing this.

Greg Rubin
grrubin@...il.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32) - WinPT 1.2.0

iD8DBQFHC+de5KDU23nQpRcRAoNKAJ9TvOiL16hKjTV2oYsDJtOazcZEMwCfYv/C
+g7WwL6VKCyRc9a5doKbdAg=
=UdN+
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/